Fedora: Security Advisory for php-horde-horde (FEDORA-2020-fd8761fd13)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability in the Symfony software platform for developing and managing web applications stems from the lack of measures to neutralize special elements, which could allow unauthorized code to be executed.
The vulnerability in the Symfony software platform for developing and managing web applications exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely...
Fedora Update for php-horde-horde FEDORA-2019-a975e52e95
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1707-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-16191)
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A denial of service vulnerability exists in Microsoft ASP.NET Core versions 2.2...
Icinga Web 2 Denial of Service Vulnerability
Icinga Web 2 is a PHP-based responsive and extensible web application framework from the Icinga project. A security vulnerability exists in Icinga Web 2 version 2.6.1. An attacker can exploit this vulnerability to cause a denial of service...
SensioLabs Symfony 3.3.6 Cross Site Scripting
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Date: 08-06-2018 Software Link: https://symfony.com/ Exploit Author: HaMM0nz Chakrit S., a member of KPMG Cyber Security team in Thailand CVE:...
Debian Security Advisory DSA 3678-1 (python-django - security update)
Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django. OpenVAS Vulnerability Test $Id:...
[SECURITY] Fedora 24 Update: php-horde-horde-5.2.12-1.fc24
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...
Debian DSA-3651-1 : rails - security update
Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers. %NASL_MIN_LEVEL 70300 (C) Tenable...
Debian DSA-3509-1 : rails - security update
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. - CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files...
DSA-3509-1 rails - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3509-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 23 Update: php-horde-horde-5.2.8-1.fc23
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...
Cross-Site Scripting (XSS) in Zikula Application Framework
Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 (without technical details) Vendor Notification: October 16, 2013 Vendor Patch:...
Zikula 1.3.5 Build 20 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification...
Apache Struts Security Bypass Vulnerability
BUGTRAQ ID: 62584 CVE(CAN) ID: CVE-2013-4310 Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) model. The action mapping mechanism in Apache Struts 2.0.0-2.3.15.1 supports special parameter-prefix actions, which makes it possible to append navigation information at the bottom of a form; a security bypass vulnerability exists when mapping the "action:" prefix, which can be exploited to bypass certain security restrictions and access restricted functionality. 0 Apache Group Struts 2.3.15.2 Vendor patch: Apache Group ------------ Apache...
Debian Security Advisory DSA 2758-1 (python-django - denial of service)
It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the...
Django Directory Traversal Sequence (CVE-2013-4315)
BUGTRAQ ID: 62332 CVE(CAN) ID: CVE-2013-4315 Django is an open-source web application framework powered by the Python programming language. Django has a directory traversal vulnerability in the implementation of the ssi template tag; an attacker can exploit this vulnerability to obtain sensitive information. 0 Django 1.4.x Vendor patch: Django ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.djangoproject.com/...
Django "ssi" Template Tag Directory Traversal Vulnerability (CVE-2013-4315)
BUGTRAQ ID: 62332 CVE(CAN) ID: CVE-2013-4315 Django is an open-source web application framework powered by the Python programming language. Django versions before 1.4.7 and 1.5.3 do not properly validate the ALLOWED_INCLUDE_ROOTS setting in template/defaulttags.py when handling the "ssi" tag, which is used to read files; a remote attacker can exploit this vulnerability via directory traversal sequences to obtain sensitive information. 0 Django 1.5.x Django 1.4.x Vendor patch: Django ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...